Google to sort out YouTube hole exploited by hackers

Apparently, YouTube has been blighted by fake pop-up messages which redirect browsers to mucky websites. I haven't seen any. That's because I don't click pop-ups. That's because I'm not a spectacular dunce.

Anyway, because the world has many dithering idiots, YouTube are having to fix this flaw which has allowed hackers to do such a thing.

What happened was, hackers put some code in the comments on specific videos and, naturally, it would run whilst you watched a clip. It isn't entirely humourless though. One such pop-up appeared reporting that warbling foetus Justin Bieber had been killed in a car crash.

Google (who owns the YouTube, should you be unaware of this fact) said that it had fixed the problem "about two hours" after it was discovered.

"We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com," a spokesperson said. "Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours."

In this instance, hackers used a bit of JavaScript code and did some HTML tinkering to horse around with the videos. Despite the fact that most people were pissing around with videos for daft, pranky reasons, some expert types noted that it was being used for more malicious purposes.

"The thing with a cross-site scripting attack is that it will appear that it is a message being posted by that website, which gives it a certain legitimacy," Graham Cluley of security firm Sophos told BBC News. "It could be used to show a message that tells you to update your password; it could link to a malicious website; or it could attempt to phish you."

Google said it was "continuing to study the vulnerability to help prevent similar issues in the future".